qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robbie Gemmell (JIRA)" <qpid-...@incubator.apache.org>
Subject [jira] Commented: (QPID-1872) NPE thrown by SimpleXML ACLs when consume permission is missing
Date Thu, 08 Oct 2009 16:00:32 GMT

    [ https://issues.apache.org/jira/browse/QPID-1872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12763540#action_12763540
] 

Robbie Gemmell commented on QPID-1872:
--------------------------------------

This is caused by a lack of consume permissions for the user resulting in a null value being
returned when attempting to retrieve the queuePermissions list within PrincipalPermissions.authorise(),
from which further sub-lists are retrieved without first checking the outer list is non-null.
This situation only arises when the user has some other (create/publish) rights, in order
to ensure that the appropriate PrincipalPermissions instance is actually created (otherwise
the user is denied at an earlier stage as a PrincipalPermissions instance is not found for
the user).

The value can be checked to ensure it is non-null before procedeeding with additional checks,
and the request should otherwise be denied as it immediately indicates a lack of consume rights
for the user.

The prededing code areas have changed significantly since the original report, an updated
stack trace can be seen below:

pool-1-thread-2 2009-10-08 15:37:02,773 ERROR [qpid.server.protocol.AMQProtocolSession] Unexpected
exception while processing frame. Closing connection.
java.lang.NullPointerException
at org.apache.qpid.server.security.access.PrincipalPermissions.authorise(PrincipalPermissions.java:498)
at org.apache.qpid.server.security.access.plugins.SimpleXML.authoriseConsume(SimpleXML.java:328)
at org.apache.qpid.server.security.access.plugins.SimpleXML.authoriseConsume(SimpleXML.java:335)
at org.apache.qpid.server.security.access.ACLManager$4.allowed(ACLManager.java:207)
at org.apache.qpid.server.security.access.ACLManager.checkAllPlugins(ACLManager.java:130)
at org.apache.qpid.server.security.access.ACLManager.authoriseConsume(ACLManager.java:201)
at org.apache.qpid.server.handler.BasicConsumeMethodHandler.methodReceived(BasicConsumeMethodHandler.java:101)
at org.apache.qpid.server.handler.ServerMethodDispatcherImpl.dispatchBasicConsume(ServerMethodDispatcherImpl.java:137)
at org.apache.qpid.framing.amqp_0_9.BasicConsumeBodyImpl.execute(BasicConsumeBodyImpl.java:187)
at org.apache.qpid.server.state.AMQStateManager.methodReceived(AMQStateManager.java:204)
at org.apache.qpid.server.protocol.AMQMinaProtocolSession.methodFrameReceived(AMQMinaProtocolSession.java:345)
at org.apache.qpid.framing.AMQMethodBodyImpl.handle(AMQMethodBodyImpl.java:93)
at org.apache.qpid.server.protocol.AMQMinaProtocolSession.frameReceived(AMQMinaProtocolSession.java:280)


> NPE thrown by SimpleXML ACLs when consume permission is missing
> ---------------------------------------------------------------
>
>                 Key: QPID-1872
>                 URL: https://issues.apache.org/jira/browse/QPID-1872
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: M4, 0.5
>            Reporter: Martin Ritchie
>            Assignee: Robbie Gemmell
>
> Summary:
> When attempting to consume from a queue without permission the broker will throw a NPE
if the user does not have any create permissions.
> 2009-03-19 13:52:56,478 ERROR [pool-2-thread-2] protocol.AMQMinaProtocolSession (AMQMinaProtocolSession.java:365)
- Unexpected exception while processing frame. Closing connection.
> java.lang.NullPointerException
>         at org.apache.qpid.server.security.access.PrincipalPermissions.authorise(PrincipalPermissions.java:465)
>         at org.apache.qpid.server.security.access.plugins.SimpleXML.authorise(SimpleXML.java:309)
>         at org.apache.qpid.server.handler.BasicConsumeMethodHandler.methodReceived(BasicConsumeMethodHandler.java:101)
>         at org.apache.qpid.server.handler.ServerMethodDispatcherImpl.dispatchBasicConsume(ServerMethodDispatcherImpl.java:137)
>         at org.apache.qpid.framing.amqp_0_9.BasicConsumeBodyImpl.execute(BasicConsumeBodyImpl.java:187)
>         at org.apache.qpid.server.state.AMQStateManager.methodReceived(AMQStateManager.java:204)
>         at org.apache.qpid.server.protocol.AMQMinaProtocolSession.methodFrameReceived(AMQMinaProtocolSession.java:295)
>         at org.apache.qpid.framing.AMQMethodBodyImpl.handle(AMQMethodBodyImpl.java:93)
>         at org.apache.qpid.server.protocol.AMQMinaProtocolSession.frameReceived(AMQMinaProtocolSession.java:
> This happens when the user that is used in the connection does not have consume privilege.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org


Mime
View raw message